A botnet that's been infecting internet routers has a new target: machines mining the cryptocurrency Ethereum.

Since Jan. 8, the botnet has been scanning the internet for Windows systems running the Claymore mining software, and tampering with them, according to security researchers at Qihoo 360 Netlab.

The malware, known as Satori, was originally spotted a month ago targeting vulnerabilities in routers from Huawei and D-Link. However, the hacker behind the malware has retooled it to also attack a vulnerability in the Claymore mining software, Netlab said in a Wednesday blog post.

By exploiting the flaw, the botnet can replace the digital wallet to which the Claymore software mines Ethereum with a hacker-controlled address. It isn't clear how many mining rigs the botnet has hijacked. But since the attacks began, the botnet has managed to mine a single coin, which is worth about $1,000.

Related

The botnet is among the latest hacking schemes capitalizing on the cryptocurrency craze. Others have focused on hijacking websites and Google Chrome browser extensions to secretly mine the digital currency Monero.

In regards to the Satori botnet, the hacker behind scheme is leaving a message on the mining rigs hit, according to Netlab. "Satori dev here, don't be alarmed about this bot it does not currently have any malicious packeting purposes move along. I can be contacted at curtain@riseup.net," the message reads.

The vulnerability in the Claymore software was actually part of a feature for remote monitoring of the Ethereum mining. The flaw appears to have been patched in version 10.2 of the software.

About the Author

Michael has been a PCMag reporter since October 2017. He previously covered tech news in China from 2010 to 2015, before moving to San Francisco to write about cybersecurity. He covers a variety of tech news topics, including consumer devices, digital privacy issues, computer hacking, artificial intelligence, online communities and gaming.
His ... See Full Bio

Get Our Best Stories!

This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.